US20060156006A1 - Differentiated proxy digital signatures - Google Patents


Info

Publication number
US20060156006A1
Authority
US
United States
Prior art keywords
digital
documents
signatures
document
source
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/026,559
Other versions
US7890762B2 (en)
Inventor
Josef Dietl
Theo Verlaan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SAP SE
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to US11/026,559
Assigned to SAP AKTIENGESELLSCHAFT reassignment SAP AKTIENGESELLSCHAFT ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DIETL, JOSEF, VERLAAN, THEO
Publication of US20060156006A1
Application granted
Publication of US7890762B2
Assigned to SAP SE reassignment SAP SE CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: SAP AG
Active
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76 Proxy, i.e. using intermediary entity to perform cryptographic operations

Abstract

Methods and apparatus, including computer program products, for providing input to a workflow application. Source documents are received that have respective original signatures but no digital signatures. The source documents can be paper documents, or they can be scanned representations of paper documents. Proxy digital signatures are applied to digital representations of the source documents. The proxy digital signatures are differentiated in that they are annotated with metadata indicating the quality of the respective original signatures.

Description

    BACKGROUND
  • The present invention generally relates to digital data processing and more particularly to workflows involving signed documents.
  • It is a common goal for businesses to execute as many business processes in a digital form as possible. In order to secure these processes, the use of digital signatures is a common practice. However, it is not always practical to use digital signatures. For example, external partners may not be able to produce documents with digital signatures in the required form. It can also be very difficult, especially in a large organization, to establish a certification infrastructure so that digital signatures can be used effectively everywhere within the organization.
  • SUMMARY OF THE INVENTION
  • The present invention provides methods and apparatus, including computer program products, that implement techniques for integrating normal paper signatures into computer-implemented workflows secured by digital signatures.
  • In one aspect, the invention provides methods and apparatus, including computer program products, for providing input to a workflow application. Source documents are received that can have respective original signatures but are not digitally signed. The source documents can be paper documents, or they can be scanned representations of paper documents. Proxy digital signatures are applied to digital representations of the source documents. The proxy digital signatures are differentiated in that they are annotated with metadata indicating the quality of the respective original signatures.
  • In particular implementations, one or more of the following features can be found. The digital representations of the source documents comprise text representations. The digital representations of the source documents comprise image representations. The non-digital source documents are digitized. The metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was verified by a person applying the proxy digital signature to the corresponding source document. The metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was not verified by a person applying the proxy digital signature to the corresponding source document. The metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having no original signature. The signed digital representations of the source documents with proxy digital signatures and metadata are provided to a workflow application as input documents.
  • Details of one or more implementations of the invention are set forth in the accompanying drawings and in the description below. Further features, aspects, and advantages of the invention will become apparent from the description, the drawings, and the claims.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a block diagram of an implementation of the invention and operations relating to it.
  • DETAILED DESCRIPTION
  • FIG. 1 illustrates a data processing system 100 that is running a workflow application 110. The data processing system 100 can be implemented on one or more computers in a local or distributed configuration. The data processing system 100 and the workflow application 110 can be implemented in a client-server architecture, with users interacting with the system and application through client computers, e.g., personal computers or mobile personal digital assistants.
  • The workflow application 110 performs one or more business processes in a digital form taking signed digital documents 114 as input. The use of digital signatures on the documents provides security for the processes. However, and especially when a digital workflow is being introduced, not all potential participants may be able to produce documents with digital signatures, or to produce digital signatures that can be accepted by the workflow application 110.
  • The present invention solves this problem by introducing proxy digital signatures. These proxy signatures do not individually stand for either the authenticity or the integrity of the document content as such, but only for the correspondence of a digital representation of the document 118 to its source document 116 and to the presence of an actual signature on the source document 116.
  • The original source document 116 can be digitized (130) for handling by the system 100 in a number of ways. For example, documents can be entered by a typist or scanned by a scanner operator. Scanned documents can be processed into text form by an optical character reader (OCR) program or process, which can optionally involve a human operator to provide correction or confirmation of the resulting digital text. Optionally, the original source document can exist in, or be provided to, the system 100 in digital form, but without a digital signature sufficient for the security requirements of the workflow application 110.
  • For example, the original source document can be one or more records in a database and a printed paper document that was generated from those records. In one scenario based on this example, a salesman updates an order database with order information and prints an order document for a customer, the customer then signs the generated order document, and the salesman returns the signed order for processing. Assessing the actual signature (132), described below, then would include confirming that the signed paper order corresponds to the data from which it was generated.
  • In order to avoid confusion between proxy signatures and real digital signatures, i.e., signatures applied to the document by a person or system signing on his or its own behalf, the signature block of at least a proxy digital signature is annotated with suitable metadata to differentiate the kinds of digital signatures that will appear on documents entering the workflow application 110.
  • The kinds of digital signatures that are differentiated, and distinguished by metadata, can include the following kinds.
  • 1. Original signatures. These are non-proxy digital signatures. This kind can be assumed if no metadata is present.
  • 2. Verified paper signature. In a freshly created digital representation, the signature of the paper original was verified by a person based on a signature sample.
  • 3. Verified image signature. The signature in a digital image representation was verified based on a signature sample.
  • 4. Unverified paper signature present. In a freshly created digital representation, the presence of a signature, but not the signature itself, was verified by a person.
  • 5. Unverified image signature present. The presence of a signature in a digital image representation, but not the signature itself, was verified by a person.
  • 6. Unsigned. The original was not signed. This can be assumed if no digital signature is present.
  • Thus, to support a secure workflow, the proxy digital signature will cover both the document itself—generally in the form of a hash of the document—and the metadata describing the kind of proxy digital signature that has been applied.
  • Assessing the source document signature (132)—i.e., determining whether an original signature is present, and if so, whether it matches a sample signature—is done by a person who provides the information to a program running on the system 100. This person signs (134) the digital representation 118 of the document with a proxy digital signature that is annotated with metadata identifying the kind of signature and the nature of the verification that was done with respect to the original signature, if any, on the source document. In this way, a digital document with a differentiated proxy signature 120 is produced.
  • Digital documents with differentiated proxy signatures 120 can then be submitted as input documents to the workflow application 110, just as digital documents 114 with real digital signatures are submitted. The workflow application 110 can then accept, reject, or give special handling to each document with a proxy signature based on the quality of the signature attached to it, as indicated by the proxy signature metadata.
  • Such signed documents can exist in a number of forms. For example, a digital document and its differentiated proxy signature can be stored as a record in a database with the signature being attached to the document and part of the same record. As another example, a database can have one column for documents and a parallel column for corresponding signatures. As a further example, a database can have a first table for document contents and a second table for descriptive information with a key that links descriptive information to documents, and the digital signature can be stored as one item of information stored in the second table. As a final example, a unique identifier (e.g., a properly constructed Uniform Resource Locator (URL), Uniform Resource Name (URN), Uniform Resource Identifier (URI), or Internationalized Resource Identifier (IRI)) can be assigned to the document and the differentiated proxy signature can be attached to the document by including the unique identifier in the data covered by the proxy digital signature, so that the signature in effect points to the signed document.
  • The use of such proxy signatures can facilitate the roll-out of digital-signature based systems, allowing digital-signature based work processes to be established inside a company where only parts of the company are attached to the certification infrastructure (e.g., for geographically detached parts, separate departments, or staged roll-outs). The use of such proxy signatures can also facilitate cross-organization, digital-signature-based workflows where some of the partners involved are not (yet) part of the certificate authority network, as well as workflows involving individual customers who are not part of the certificate authority network. The use of such proxy signatures can also be used to increase reliability in CRM (customer relationship management) operations because the employees entering documents into the CRM system are firmly attached to their documents through the proxy digital signatures that they apply.
  • The invention and all of the functional operations described in this specification can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structural means disclosed in this specification and structural equivalents thereof, or in combinations of them. The invention can be implemented as one or more computer program products, i.e., one or more computer programs tangibly embodied in an information carrier, e.g., in a machine-readable storage device or in a propagated signal, for execution by, or to control the operation of, data processing apparatus, e.g., a programmable processor, a computer, or multiple processors or computers. A computer program (also known as a program, software, software application, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program does not necessarily correspond to a file. A program can be stored in a portion of a file that holds other programs or data, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers located at one site or distributed across multiple sites and interconnected, permanently or intermittently, by a communication network.
  • The processes and logic flows described in this specification, including the method steps of the invention, can be performed by one or more programmable processors executing one or more computer programs to perform functions of the invention by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus of the invention can be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application-specific integrated circuit).
  • Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. The essential elements of a computer are a processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto-optical disks, or optical disks. A computer can be embedded in another device, e.g., in a digital appliance, for example, a mobile telephone or a personal digital assistant, to name just a few. Information carriers suitable for embodying computer program instructions and data include all forms of non-volatile memory, including by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks, e.g., internal hard disks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROM disks. The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
  • To provide for interaction with a user, the invention can be implemented on a computer having a display device, e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor, for displaying information to the user and a keyboard and a pointing device, e.g., a mouse or a trackball, by which the user can provide input to the computer. Other kinds of devices can be used to provide for interaction with a user as well; for example, output provided to the user can be in any sensory form, e.g., visual, auditory, or tactile output; and input from the user can be received in any form, including acoustic, speech, or tactile input.
  • The invention can be implemented in a computing system that includes a back-end component (e.g., a data server), a middleware component (e.g., an application server), or a front-end component (e.g., a client computer having a graphical user interface or a web browser through which a user can interact with an implementation of the invention), or any combination of such back-end, middleware, and front-end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet.
  • The computing system can include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
  • The invention has been described in terms of particular embodiments, but other embodiments can be implemented and are within the scope of the following claims.

Claims (30)

1. A method for providing input to a workflow application, comprising:
receiving source documents, the source documents having respective original signatures; and
signing digital representations of the source documents with proxy digital signatures annotated with metadata indicating the quality of the respective original signatures.
2. The method of claim 1, wherein the source documents comprise paper documents having no digital signatures.
3. The method of claim 1, wherein the source documents comprise image representations of paper documents.
4. The method of claim 1, wherein the digital representations of the source documents comprise text representations.
5. The method of claim 1, wherein the digital representations of the source documents comprise image representations.
6. The method of claim 1, further comprising:
digitizing non-digital source documents.
7. The method of claim 1, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was verified by a person applying the proxy digital signature to the corresponding source document.
8. The method of claim 1, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was not verified by a person applying the proxy digital signature to the corresponding source document.
9. The method of claim 1, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having no original signature.
10. The method of claim 1, further comprising:
providing the signed digital representations of the source documents with proxy digital signatures and metadata to a workflow application as input documents.
11. A computer program product for providing input to a workflow application, tangibly embodied on an information carrier, operable to cause a data process apparatus to perform the operations of:
receiving source documents, the source documents having respective original signatures but no digital signatures; and
applying proxy digital signatures to digital representations of the source documents, the proxy digital signatures being annotated with metadata indicating the quality of the respective original signatures.
12. The product of claim 11, wherein the source documents comprise paper documents having no digital signatures.
13. The product of claim 11, wherein the source documents comprise image representations of paper documents.
14. The product of claim 11, wherein the digital representations of the source documents comprise text representations.
15. The product of claim 11, wherein the digital representations of the source documents comprise image representations.
16. The product of claim 11, further operable to cause a data process apparatus to perform the operation of:
digitizing non-digital source documents.
17. The product of claim 11, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was verified by a person applying the proxy digital signature to the corresponding source document.
18. The product of claim 11, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was not verified by a person applying the proxy digital signature to the corresponding source document.
19. The product of claim 11, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having no original signature.
20. The product of claim 11, further operable to cause a data process apparatus to perform the operation of:
providing the signed digital representations of the source documents with proxy digital signatures and metadata to a workflow application as input documents.
21. A system for providing input to a workflow application, comprising:
means for receiving source documents, the source documents having respective original signatures but no digital signatures; and
means for applying proxy digital signatures to digital representations of the source documents, the proxy digital signatures being annotated with metadata indicating the quality of the respective original signatures.
22. The system of claim 21, wherein the source documents comprise paper documents having no digital signatures.
23. The system of claim 21, wherein the source documents comprise image representations of paper documents.
24. The system of claim 21, wherein the digital representations of the source documents comprise text representations.
25. The system of claim 21, wherein the digital representations of the source documents comprise image representations.
26. The system of claim 21, further comprising:
means for digitizing non-digital source documents.
27. The system of claim 21, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was verified by a person applying the proxy digital signature to the corresponding source document.
28. The system of claim 21, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having an original signature that was not verified by a person applying the proxy digital signature to the corresponding source document.
29. The system of claim 21, wherein:
the metadata for a particular digital representation indicates whether or not the corresponding source document was a paper document having no original signature.
30. The system of claim 21, further comprising:
means for providing the signed digital representations of the source documents with proxy digital signatures and metadata to a workflow application as input documents.
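Claims 1 and 7 to 9 attach a quality label to each proxy signature. The following added example (not code from the patent) shows one way to bind that label and the document digest under a single Ed25519 signature in Node.js, so that a workflow can reject an altered document, an upgraded label, or a quality level below its policy; the label strings, envelope fields, function names and sample data are assumptions.

```javascript
const crypto = require('node:crypto');

// Quality levels follow claims 7-9; the string labels are assumed for this example.
const QUALITY = Object.freeze({
  VERIFIED: 'paper-signature-verified-by-proxy',
  UNVERIFIED: 'paper-signature-not-verified',
  UNSIGNED: 'paper-no-original-signature',
});

// Serialize the signed fields as a JSON array: fixed order, unambiguous field
// boundaries, and a version tag so the format can change without confusion.
function signedBytes(digestHex, quality, proxyId) {
  return Buffer.from(JSON.stringify(['proxy-sig-v1', digestHex, quality, proxyId]), 'utf8');
}

function sha256Hex(bytes) {
  return crypto.createHash('sha256').update(bytes).digest('hex');
}

// Proxy side: sign the digest of the digital representation together with the
// quality metadata, so the label is covered by the signature.
function proxySign(documentBytes, quality, proxyId, privateKey) {
  if (!Object.values(QUALITY).includes(quality)) throw new Error('unknown quality level');
  const digest = sha256Hex(documentBytes);
  const signature = crypto.sign(null, signedBytes(digest, quality, proxyId), privateKey);
  return { digest, quality, proxyId, signature: signature.toString('base64') };
}

// Workflow side: accept the input only if the signature covers this document
// and this label, and the label is one the workflow's policy allows.
function acceptInput(documentBytes, envelope, publicKey, acceptedQualities) {
  const digest = sha256Hex(documentBytes);
  if (digest !== envelope.digest) return { ok: false, reason: 'document-mismatch' };
  const valid = crypto.verify(
    null,
    signedBytes(digest, envelope.quality, envelope.proxyId),
    publicKey,
    Buffer.from(envelope.signature, 'base64'),
  );
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (!acceptedQualities.includes(envelope.quality)) {
    return { ok: false, reason: 'quality-below-policy' };
  }
  return { ok: true, quality: envelope.quality };
}

// Constructed sample run: one scan signed as "not verified", checked under a
// lenient policy, a strict policy, with a tampered label, and with a swapped document.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const scan = Buffer.from('constructed sample: OCR text of a scanned purchase order');
  const env = proxySign(scan, QUALITY.UNVERIFIED, 'mailroom-clerk-01', privateKey);
  const strict = [QUALITY.VERIFIED];
  const lenient = [QUALITY.VERIFIED, QUALITY.UNVERIFIED];
  return {
    lenient: acceptInput(scan, env, publicKey, lenient),
    strict: acceptInput(scan, env, publicKey, strict),
    upgraded: acceptInput(scan, { ...env, quality: QUALITY.VERIFIED }, publicKey, strict),
    swappedDoc: acceptInput(Buffer.from('constructed sample: altered order'), env, publicKey, lenient),
  };
}
```

Because the label is inside the signed bytes, rewriting it in transit invalidates the signature instead of silently raising the document's standing in the workflow.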
US11/026,559 2004-12-30 2004-12-30 Differentiated proxy digital signatures Active 2027-09-06 US7890762B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/026,559 US7890762B2 (en) 2004-12-30 2004-12-30 Differentiated proxy digital signatures

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/026,559 US7890762B2 (en) 2004-12-30 2004-12-30 Differentiated proxy digital signatures

Publications (2)

Publication Number Publication Date
US20060156006A1 US20060156006A1 (en) 2006-07-13
US7890762B2 US7890762B2 (en) 2011-02-15

Family

ID=36654643

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/026,559 Active 2027-09-06 US7890762B2 (en) 2004-12-30 2004-12-30 Differentiated proxy digital signatures

Country Status (1)

Country Link
US (1) US7890762B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140181984A1 (en) 2012-12-21 2014-06-26 International Business Machines Corporation Method and apparatus for authentication of solution topology

Patent Citations (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5001752A (en) * 1989-10-13 1991-03-19 Fischer Addison M Public/key date-time notary facility
US20030056104A1 (en) * 1994-03-17 2003-03-20 Carr J. Scott Digitally watermarking checks and other value documents
US20020029337A1 (en) * 1994-07-19 2002-03-07 Certco, Llc. Method for securely using digital signatures in a commercial cryptographic system
US5850346A (en) * 1995-12-27 1998-12-15 Mitsubishi Electric Information Technology Center America, Inc. System for embedding hidden source information in three-dimensional computer model data
US5734752A (en) * 1996-09-24 1998-03-31 Xerox Corporation Digital watermarking using stochastic screen patterns
US6209090B1 (en) * 1997-05-29 2001-03-27 Sol Aisenberg Method and apparatus for providing secure time stamps for documents and computer files
US6107913A (en) * 1998-05-12 2000-08-22 Cyberscan Technology, Inc. Scratchable conductive latex document scanner
US6398245B1 (en) * 1998-08-13 2002-06-04 International Business Machines Corporation Key management system for digital content player
US6307955B1 (en) * 1998-12-18 2001-10-23 Topaz Systems, Inc. Electronic signature management system
US6785815B1 (en) * 1999-06-08 2004-08-31 Intertrust Technologies Corp. Methods and systems for encoding and protecting data using digital signature and watermarking techniques
US20020053021A1 (en) * 2000-09-25 2002-05-02 Rice Marion R. Internet-based secure document signing network
US20020104004A1 (en) * 2001-02-01 2002-08-01 Bruno Couillard Method and apparatus for synchronizing real-time clocks of time stamping cryptographic modules
US20020138735A1 (en) * 2001-02-22 2002-09-26 Felt Edward P. System and method for message encryption and signing in a transaction processing system
US20040117726A1 (en) * 2001-06-19 2004-06-17 Ryu Inada Electronic document format control apparatus and method
US20030131241A1 (en) * 2002-01-04 2003-07-10 Gladney Henry M. Trustworthy digital document interchange and preservation
US7197143B2 (en) * 2002-01-18 2007-03-27 The Johns Hopkins University Digital video authenticator
US20060156005A1 (en) * 2002-12-20 2006-07-13 Jean-Bernard Fischer Method and device for making secure execution of a computer programme
US20040158717A1 (en) * 2003-02-10 2004-08-12 Red Hat, Inc. Electronic document active content assurance
US20050005126A1 (en) * 2003-07-04 2005-01-06 Information And Communications University Educational Foundation Method and apparatus for generating and verifying an ID_based proxy signature by using bilinear pairings
US20060004662A1 (en) * 2004-06-30 2006-01-05 International Business Machines Corporation Method and system for a PKI-based delegation process
US20060259783A1 (en) * 2005-04-27 2006-11-16 William Work Methods and Systems for Clinical Trial Data Management
US20060271787A1 (en) * 2005-05-31 2006-11-30 Xerox Corporation System and method for validating a hard-copy document against an electronic version
US20070033168A1 (en) * 2005-08-08 2007-02-08 David Minogue Agent rank
US20090287697A1 (en) * 2005-08-08 2009-11-19 Google Inc. Agent rank

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7783885B2 (en) * 2002-10-09 2010-08-24 Sap Aktiengesellschaft Hybrid digital signature workflow
US20040128612A1 (en) * 2002-10-09 2004-07-01 Josef Dietl Hybrid digital signature workflow
US20040143627A1 (en) * 2002-10-29 2004-07-22 Josef Dietl Selecting a renderer
US7529792B2 (en) 2002-10-29 2009-05-05 Sap Aktiengesellschaft Method and apparatus for selecting a renderer
USRE44142E1 (en) * 2005-12-21 2013-04-09 Radioshack Corporation Radio scanner programmed from frequency database and method
US7676192B1 (en) * 2005-12-21 2010-03-09 Radio Shack, Corp. Radio scanner programmed from frequency database and method
US20090183007A1 (en) * 2008-01-11 2009-07-16 Illinois Tools Works Inc. Method, Computer Program Product and Apparatus for Authenticating Electronic Documents
US20100023758A1 (en) * 2008-07-23 2010-01-28 Shocky Han Document authentication using electronic signature
US8924307B2 (en) * 2008-07-23 2014-12-30 Shocky Han Document authentication using electronic signature
US20130067017A1 (en) * 2010-04-15 2013-03-14 Mxi Technologies, Ltd. Mehtod and system for deployed operations support
US9898703B2 (en) * 2010-04-15 2018-02-20 Mxi Technologies, Ltd. Method and system for deployed operations support
US20130325889A1 (en) * 2011-03-15 2013-12-05 Architecture Technology Corporation Local storage of information pedigrees
US9229936B2 (en) * 2011-03-15 2016-01-05 Architecture Technology Corporation Local storage of information pedigrees

Also Published As

Publication number Publication date
US7890762B2 (en) 2011-02-15

Legal Events

Date Code Title Description
AS Assignment

Owner name: SAP AKTIENGESELLSCHAFT, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DIETL, JOSEF;VERLAAN, THEO;SIGNING DATES FROM 20050421 TO 20050422;REEL/FRAME:016143/0757

Owner name: SAP AKTIENGESELLSCHAFT, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DIETL, JOSEF;VERLAAN, THEO;REEL/FRAME:016143/0757;SIGNING DATES FROM 20050421 TO 20050422

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: SAP SE, GERMANY

Free format text: CHANGE OF NAME;ASSIGNOR:SAP AG;REEL/FRAME:033625/0334

Effective date: 20140707

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552)

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12